Unless I am missing a setting, Firefox’s built-in password manager appears to have two hard limitations:
1. It only allows saving credentials at the site level, for example sample.com, not per path such as sample.com/signin or sample.com/admin.
2. It only allows one saved password per username for a given site.
Both of these are extremely limiting. The first restriction prevents saving different logins for distinct sections of the same site, which is a fairly common real-world use case. The second restriction breaks scenarios where there is no username at all but multiple valid secrets. A sample of this is a site that uses 2FA or challenge-response security questions, where one of several possible answers is requested at random. There is no username involved, but users still need to store multiple valid responses tied to the same site.
In these cases, it should be possible to save multiple passwords or secrets for a single site, even when the username field is empty. As far as I can tell, Firefox simply overwrites (auto-fill interface) or refuses additional entries (about:logins), which makes the password manager unusable for this class of workflows.
Is this behavior intentional? If so, what is the rationale behind these constraints? Are there any workarounds, flags, or about:config settings that relax this behavior? From what I can see, other major browsers do not impose these same restrictions.
